| Sure, let's give a hypothetical but quite plausible example. Let's say that I run website ABC and the ad intermediary scripts make a note that fingerprint XYZ visited my site. They then give that data to Facebook who some days later records a visit from user srbby with the fingerprint XYZ, so they know that "srbby" with phone number 123455 (which fb has) visited site ABC. Also, your aunt has your phone number in her contact list and she (as a few other people, to make it certain) lists a name "Bob Smith" for it, so FB can link that user "srbby" Bob Smith phone# 123455 visited site ABC. Afterwards they sell that data to some ad agency that combines it with location data from either your cell phone provider (the major US cell providers sell such data) or some driving or taxi app to note your travel patterns and extract where you live and work. So they know that fingerprint XYZ has the following (long) list of user accounts, visits sites like ABC, has that particular phone number, most likely is called Bob Smith, and most likely lives in such and such address and works at ACME Inc (or drives there every morning for another weird reason). For some fingerprints some of that data will be wrong, but it's mostly accurate, and definitely accurate enough for their prposes. They don't really give all that data around to every advertiser just because (well, not for free), however, whenever an ad "auction" asks "heeeey, who's going to bid the most for which ad for fingerprint XYZ?" then this is the profile that's going to be used to make the winning, most targeted bid. |